21 hours ago

Senior Security Researcher

Microsoft

On Site
Full Time
$175,000
Bengaluru, Karnataka, India

Job Overview

Job Title: Senior Security Researcher
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $175,000
Location: Bengaluru, Karnataka, India

Job Description

Senior Security Researcher at Microsoft

Overview

Security is one of the most critical priorities for our customers in a world challenged by relentless digital threats, increasing regulatory demands, and complex technology estates. At Microsoft Security, our aspiration is clear: to make the world a safer place for everyone. We aim to redefine security by empowering every user, customer, and developer with a comprehensive security cloud—delivering end-to-end protection through simplified, integrated solutions. Our organization accelerates Microsoft’s mission and bold ambitions by safeguarding digital platforms, devices, and clouds across diverse customer environments, while ensuring the security of our own internal estate.

We are looking for a Senior Security Researcher to join our team!

The Identity Threat Detection and Response (ITDR) Security Research team leads advanced research in Identity protection, leveraging next-generation AI and cloud technologies. Our team comprises globally recognized experts in identity and cloud-related threats—highly skilled, passionate professionals committed to driving innovation and safeguarding customers in an ever-evolving digital landscape.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

  • Research attacker tradecraft and evolving threat patterns across cloud identity ecosystems, including OAuth, Enterprise Applications, third‑party SaaS platforms (e.g., Okta), emerging AI applications, and end‑to‑end authentication flows, with a strong focus on real‑world identity abuse techniques.
  • Conduct proactive threat hunting across Microsoft Defender and Entra product signals to uncover identity‑based attacks, abuse paths, and misconfigurations.
  • Design and deliver high‑quality detections, analytics, and risk insights by correlating multi‑product telemetry with attacker context.
  • Partner with Engineering and PM teams to translate research findings into scalable, customer‑facing protection capabilities.
  • Collaborate with Data Science teams to develop ML/AI‑based anomaly detection models, risk scoring frameworks, and hunting algorithms.
  • Publish and communicate research outcomes through internal papers, external blogs, and conference presentations, representing Microsoft’s thought leadership in identity threat detection and cloud application security.
  • Act as a Subject Matter Expert (SME) for identity threats by supporting customer incidents, field engagements, and internal incident response teams with deep context on attacker techniques, abuse patterns, and emerging trends.
  • Work cross‑functionally with red teams, blue teams, infrastructure teams, and product groups to validate attack paths, simulate real‑world abuse scenarios, and continuously improve defensive coverage.
  • Maintain strong research hygiene, including dataset curation, methodology documentation, signal quality assessment, and continuous improvement of detection efficacy.

Qualifications

  • 7+ years of experience in cybersecurity, with strong hands-on understanding of the modern attacker kill chain, MITRE ATT&CK framework, and evolving identity-based threats, including attacks targeting SaaS applications, OAuth-based Enterprise Apps, and emerging AI-driven applications.
  • Bachelor’s degree in Computer Science, Engineering, Information Technology, or a related technical discipline, or equivalent practical experience in security research or threat detection.
  • Deep knowledge of adversary tooling, red team frameworks, and attacker techniques, with the ability to analyze, simulate, and interpret real-world attacker behaviors across identity and cloud ecosystems.
  • Proficiency in at least one programming language (e.g., Python, C, or C++) for building research prototypes, internal tools, automation, or detection logic.
  • Strong proficiency in query languages such as KQL, SQL, or Cypher for large-scale telemetry analysis, threat hunting, behavioral investigations, and detection validation.
  • Experience working with large-scale datasets to support detection development, proactive threat hunting, behavioral analytics, and signal quality improvement.
  • Strong collaboration and communication skills, with the ability to clearly articulate research insights, influence product and engineering decisions, and work effectively with partner teams, including Engineering, Data Science, and incident response stakeholders.

Key skills/competency

  • Identity Threat Detection
  • Cloud Security
  • Attacker Tradecraft
  • MITRE ATT&CK Framework
  • Threat Hunting
  • Detection Engineering
  • ML/AI for Security
  • SaaS Application Security
  • OAuth Security
  • Incident Response Support

Tags:

Security Researcher
Threat hunting
identity protection
cloud security
detections
ML/AI
incident response
attacker tradecraft
SaaS security
OAuth
Entra
Python
KQL
SQL
Azure
Microsoft Defender
MITRE ATT&CK
Cloud Identity
AI
Machine Learning

How to Get Hired at Microsoft

  • Research Microsoft's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor, focusing on their growth mindset and commitment to security.
  • Tailor your resume effectively: Customize your application by highlighting specific experience in cybersecurity, identity threat detection, and cloud security mentioned in the Senior Security Researcher job description. Quantify achievements where possible.
  • Showcase deep security expertise: Emphasize your hands-on understanding of the modern attacker kill chain, MITRE ATT&CK framework, and identity-based threats targeting SaaS and cloud ecosystems.
  • Prepare for technical challenges: Demonstrate proficiency in Python/C/C++, KQL/SQL for data analysis, and discuss your experience with large-scale datasets for detection development.
  • Highlight collaboration and communication: Be ready to share examples of successful cross-functional partnerships, illustrating your ability to articulate complex research insights and influence product decisions.
